Understanding ADAM service publication

Applies To: Windows Server 2003 R2

ADAM service publication

In Active Directory environments, service publication refers to the ability of a service to publish information about itself in the directory and to the ability of clients to discover that information and locate the service. When a computer on which Active Directory Application Mode (ADAM) is running is joined to an Active Directory domain, ADAM attempts to create service connection point (SCP) objects in Active Directory.

Active Directory and service connection points

In Active Directory network environments, services can publish information about their existence using serviceConnectionPoint objects in the directory. These objects contain binding information that client applications use to find and connect to instances of the service. To access a service, a client does not have to know about specific computers; the objects in Active Directory include this information.

When an ADAM instance is running in an Active Directory environment, it makes a best-effort attempt to publish updated information about itself in Active Directory. The attempt is "best-effort" because SCP creation does not always succeed, and failure to create SCPs does not prevent the ADAM instance from running or accepting client connections.

The attempt to create SCPs succeeds if:

  • The computer on which the ADAM service is running is joined to a domain, and

  • The ADAM service account possesses Create Child rights on the computer object where the serviceConnectionPoint object is to be created.

By default, ADAM runs as NetworkService, and the serviceConnectionPoint object is created under the computer object that represents the computer on which ADAM is running. If the SCP object already exists, ADAM updates the object with any new information about the ADAM instance.

A serviceConnectionPoint object contains the information in the following table.

serviceConnectionPoint attribute: Keywords

Attribute contents:

  • Windows 2000 Lightweight Directory Access Protocol (LDAP) object identifier (also known as OID)

  • ADAM LDAP object identifier

  • Globally unique identifier (GUID) of the NTDS Settings object under the computer object of the ADAM instance

  • Site of the ADAM instance

  • Instance name of the ADAM instance

  • Operation master role (schema or naming), if held by the ADAM instance

  • Distinguished name and GUID of the configuration directory partition of the ADAM instance

  • Distinguished name and GUIDs of all application directory partitions on the ADAM instance

serviceConnectionPoint attribute: serviceBindingInformation

Attribute contents:

  • LDAP connection point (in the form of ldap://computername:ldapport)

  • Secure Sockets Layer (SSL) connection point (in the form of ldaps://computername:sslport)

Note

The Keywords attribute is a multivalued attribute.

By default, the global catalog in Active Directory contains the contents of the Keywords attribute of an SCP object. As a result, a client can locate an object on which an SCP is created, even if the object is located in a different domain than the client.

Client searches

Client applications can find ADAM instances by searching the SCP attributes that are contained in the global catalog. For information about performing this search programmatically, see "How Clients Find and Use a Service Connection Point" at the Microsoft MSDN Web site. (Unlike the example shown at the Microsoft MSDN Web site, client applications need to perform only one search to retrieve the information necessary for ADAM binding.) Client applications can search for the ADAM object identifier, configuration partition GUID, ADAM instance GUID, ADAM instance name, or any directory partition. Client applications may also perform load balancing by selecting an ADAM instance at random when a search returns more than one applicable ADAM instance.
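As an added illustration (not code from the original article), the following Python models the single search and the random load-balancing choice described above over constructed SCP records. The host names, ports, GUIDs and the "prefix:value" keyword layout are assumptions made for this example, not the values ADAM actually writes; a real client would run the Keywords search against the global catalog.

```python
import random
from urllib.parse import urlsplit

# Constructed sample search results: each dict stands for one serviceConnectionPoint
# object carrying the two attributes described above. Host names, GUIDs, ports and
# the "prefix:value" keyword layout are assumptions for this example, not ADAM's.
SAMPLE_SCPS = [
    {"dn": "CN=ADAM_Payroll,CN=SRV01,OU=Servers,DC=corp,DC=example",
     "keywords": ["instance:ADAM_Payroll", "site:Default-First-Site-Name",
                  "config:{11111111-2222-3333-4444-555555555555}",
                  "partition:DC=payroll,DC=corp,DC=example"],
     "serviceBindingInformation": ["ldap://srv01.corp.example:50000",
                                   "ldaps://srv01.corp.example:50001"]},
    {"dn": "CN=ADAM_Payroll,CN=SRV02,OU=Servers,DC=corp,DC=example",
     "keywords": ["instance:ADAM_Payroll", "site:Default-First-Site-Name",
                  "config:{11111111-2222-3333-4444-555555555555}",
                  "partition:DC=payroll,DC=corp,DC=example"],
     # this replica never published an SSL connection point
     "serviceBindingInformation": ["ldap://srv02.corp.example:50000"]},
    {"dn": "CN=ADAM_HR,CN=SRV03,OU=Servers,DC=corp,DC=example",
     "keywords": ["instance:ADAM_HR", "partition:DC=hr,DC=corp,DC=example"],
     "serviceBindingInformation": ["ldap://srv03.corp.example:50000",
                                   "ldaps://srv03.corp.example:50001"]},
]

def parse_binding(value):
    """Split an ldap://host:port or ldaps://host:port connection point into its parts."""
    parts = urlsplit(value)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname or parts.port is None:
        raise ValueError("unexpected serviceBindingInformation value: %r" % value)
    return parts.scheme, parts.hostname, parts.port

def find_instances(scps, keyword):
    """The single search: SCPs whose multivalued Keywords attribute holds keyword."""
    wanted = keyword.lower()
    return [scp for scp in scps if any(k.lower() == wanted for k in scp["keywords"])]

def choose_binding(scps, require_ssl=True, rng=random):
    """Pick one connection point at random (load balancing across matching instances).
    With require_ssl set, instances that publish no ldaps:// endpoint are skipped."""
    candidates = []
    for scp in scps:
        bindings = [parse_binding(v) for v in scp["serviceBindingInformation"]]
        ssl = [b for b in bindings if b[0] == "ldaps"]
        if require_ssl and not ssl:
            continue
        candidates.append(ssl[0] if ssl else bindings[0])
    return rng.choice(candidates) if candidates else None
```

Because an instance whose service account lacked Create Child rights publishes no SCP at all, an empty result from find_instances is a normal outcome and the client should fall back to a configured DNS host name rather than treat it as an error.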

Service publication and discovery without SCPs

ADAM does not require that SCPs be published in order to run; it operates with or without them. Examples of environments without SCPs include workgroup environments and ADAM instances running under service accounts that do not possess sufficient privileges to create SCPs. In these cases, client applications can rely on Domain Name System (DNS) to resolve the host name of a computer on which ADAM is running. Note, however, that ADAM instances, unlike domain controllers in Active Directory, do not create service (SRV) records in DNS, so the client must already know the host name and port.